OWASP Omaha

Welcome to the Omaha chapter homepage. The chapter leaders are Rob Temple, John Rogers, Scott Christiansen, Zac Fowler, and Fred Donovan. Click here to join the local chapter mailing list.

Participation

OWASP Foundation (Overview Slides) is a professional association of global members and is open to anyone interested in learning more about software security. Local chapters are run independently and guided by the Chapter Leader Handbook. As a 501(c)(3) non-profit professional association, your support and sponsorship of any meeting venue and/or refreshments is tax-deductible. Financial contributions should only be made online using the authorized online chapter donation button. To be a SPEAKER at ANY OWASP Chapter in the world, simply review the speaker agreement and then contact the local chapter leader with details of what OWASP PROJECT, independent research or related software security topic you would like to present on.

This talk focuses on the first three candidates of the 2013 OWASP Top 10. John will demonstrate attack examples, common tools to find these flaws, and consequences that occur without remediation or mitigating controls.

John Rogers is a Senior Application Security Engineer working in the Security Assurance department at Lincoln Financial Group. Previously John worked as a Lead Security Engineer at ACI Worldwide, Inc. John is one of the unique Application Security Professionals with over 20 years of experience in all aspects of the Software Development Lifecycle (SDLC) for the Banking, Payment and Financial Services industries. John is also a Certified Information Systems Security Professional (CISSP) and serves as President of InfraGard Nebraska.

Thu Sep 5, 2013 - The OWASP Way: Understanding the OWASP Vision and the Top Ten

Scott is a Software Security Engineer for TD Ameritrade. In this role he provides static and dynamic application assessments for over 250 TD Ameritrade front end, back end and mobile applications. Prior to this, Scott was the Lead Analyst for TD Ameritrade’s Security Event Center, which coordinates incident response within TD Ameritrade. In addition to this, Scott is also an Adjunct Instructor for ITT Technical Institute’s Bachelors of Information Security program, and an adjunct Professor for Bellevue University’s Masters of Cyber Security Program. Prior to his current role, Scott was the Chief Security Officer for the Leo A Daly Company. Scott is also a Past President of Nebraska InfraGard, and a graduate of the FBI Citizen’s Academy. Scott received his Bachelor’s Degree in 2003 from Bellevue University in Business Information Systems and his Master’s Degree from the University of Nebraska Omaha in the Management of Information Systems. Upon graduation, Scott was the recipient of the 2007-2008 Outstanding Graduate Student in Information Systems & Quantitative Analysis. Scott is a current CISSP holder in addition to numerous other certifications from CompTIA and Microsoft.

-Time & Location, TBA

Thu Dec 5, 2013 - Advanced Mobile Penetration Testing

Tristan Lawson is a senior consultant for Continuum Security Solutions, with a primary focus on penetration testing, PCI compliance, and governance. Lawson has ten years of IT experience in the areas of information security, programming, infrastructure design, and workstation/server repair of software and hardware. He is also routinely called upon for public speaking and article contributions on a wide range of IT security topics.